ssl_cert_chain less forgiving than in 6.0.5 #160
Description
in 6.0.6 plugin switched to using the native Java backend for TLS,
before (<= 6.0.5) the plugin relied on BoringSSL (OpenSSL) to do the TLS lifting.
seems that when ssl_cert_chain => ... is set but the ssl_cert => ... is able to directly verify the client signature there's a change in behaviour. 6.0.5 seems to have been okay with "ignoring" the extra chain while the Java backend is strictly rejecting.
if this is the case we should at least mention that in the ssl_cert_chain => ... that there's a change in behaviour.
NOTE: 6.0.6 was shipped since LS 7.8.1